View Single Post
  #3 (permalink)  
Old April 29th, 2002
Sajma Sajma is offline
Join Date: April 26th, 2002
Posts: 11
Sajma is flying high

The first challenge here is that "By User" wouldn't reference a user name or email address, but rather a public key. Essentially you want to filter your search to those items that are signed by a key you trust. This suggests that Limewire would need a simple key management tool that lets you list the keys of content providers you trust.

As for the signatures themselves, those could be stored in Gnutella as their own items. The description line for a signature could be something like:
"|0fs73jfesa==| signed by |hjfw98\rf430|"

Where the first hash is the content hash of the data item that was signed, and the second hash is the hash of the public key of the signer. The content of this file is the signature itself. Thus, to verify the authenticity of an item, I just search for this description line to find the appropriate signature. Note that this lets multiple people sign the same item, so you can do stuff like threshold checking (e.g., I'll trust this content if it's signed by 2 out of 3 people I trust).

One problem though: if you sign the content you rip,that might make it easier for the RIAA to find you

Last edited by Sajma; April 29th, 2002 at 11:45 AM.
Reply With Quote